Many PI partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.
We are hyped to present the next generation of onion services! We've been working on this project non-stop for the past 4 years and we officially launched it two weeks ago by publishing our first alpha releases. All in all, the new system is a much-needed improvement that fixes many shortcomings of the old design and builds a solid foundation for future onion work.
This post explores how Tor onion services can be integrated into existing web services, making them more secure. This integration will use the “publish / subscribe” pattern over Tor to trigger rebuilds of the txtorcon documentation (which is hosted on an onion service). We will use Tor to transport the published messages so the network location of the machine hosting the onion service remains hidden. We will use a messaging system called “Web Application Messaging Protocol” or WAMP.
We’re looking for technical people to come help us test next-gen onion services. They’ve been fully merged into tor-0.3.2.1-alpha, and the latest version of Tor Browser supports them. We're still in the testing phase, though -- keep an eye on this blog for the official launch.
Hello! We found a security issue in the onion service code (CVE-2017-0380, TROVE-2017-008) that can cause sensitive information to be written to your logs if you have set the SafeLogging option to 0. If you are not running an onion service, or you have not changed the SafeLogging option from its default, you are not affected. If you are running 0.2.5, you are not affected. (0.2.4, 0.2.6, and 0.2.7 are no longer supported.) For more information, including workaround steps, see the advisory.
The goal of our study is to understand your expectations, assumptions, and habits when browsing onion services. For example, we are wondering: How do you keep track of onion domains? How do you discover new onion services? How do you know an onion service is legitimate and not an impersonation? By answering these questions, we can identify usability issues and build better anonymity technology.